This Week in Cybersecurity News
Breach at IRS Exposes Tax Returnsby John D. McKinnon and Laura Saunders, Wall Street Journal
The Internal Revenue Service said on May 26 that identity thieves had stolen prior-year tax return information for about 104,000 U.S. households. The thieves used stolen social security numbers and other personal data to gain unauthorized access to the accounts beginning in February and continuing through May. The IRS believes fewer than 15,000 refunds were paid as a result of the frauds.
Data Theft the Goal of BlackEnergy Attacks on Industrial Control Systems, Researchers Say by Jai Vijayan, Dark Reading
The motivation of an advanced malware campaign targeting U.S. industrial control systems since 2011 known as BlackEnergy has been data theft. The malware was first identified in October 2014 by ICS-CERT with an update in December 2014. The alerts from ICS-CERT warned of numerous industrial control systems being compromised with multiple victims identifying the malware on internet-connected human-machine interface systems.
Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows by Robert Lemos, eWeek
Seven cyberattacks in the first quarter of 2015 used zero-day flaws in Adobe Flash and Microsoft Windows. The use of zero-days has grown dramatically over the past three years according to research from Secunia with attacks rising from 14 in 2012 to 25 in 2014.
Like Routers, most USB Modems also Vulnerable to Drive-by Hacking by Lucian Constantin, IDG News Service
Most 3G and 4G USB modems offered by mobile operators have vulnerabilities in their Web-based management interfaces that can be exploited remotely when users visit compromised websites. The flaw could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS configuration of affected modems.
Hospitals in at least 3 States affected by Employee Data Breach by Robert Abel, SC Magazine
A call-center employee at North Carolina-based Medical Management LLC may have compromised the data of thousands of patients at the University of Pennsylvania Medical Center, Grandview Health, Englewood Hospital and Medical Center, The Valley Hospital, Holy Name Medical Center and White Plains Hospital. The compromised data includes social security numbers, names and birthdates.
ICYMI Threat Geek Post of the Week: Enhancing Cybersecurity in Eastern Europe by Jim Jaeger